Tuesday, November 10, 2009

Virus removed!


Hello readers, for past one week, my pendrive has been infected with a virus that is typically annoying. Basically once I plug in my pendrive to my PC, it automatically opens it without asking me whether what action to take. It has a file with "autorun.inf" file in it that canot be deleted because it is being used by OS once I plug it in. I enabled "Show hidden files" (My computer>Tools>Folder Options>Show hidden files) and unchecked the "Hide protected system files" box. I saw another file named "temp" with a recycle bin icon for it and it contains a file named "winsetup.exe" in it. The "winsetup.exe" file is the main file executed once I plug in my pendrive.

Steps I took to remove the virus but not successful:
1. Cleared my pendrive(removed or backup all my important files in it to other location) and formated my pendrive (right click on pendrive in my computer and choose format>Quick format).

The autorun.inf file is removed but when I plug in again, the file reappears inside my pendrive.
-Solution not succesful.

2. Scanned with antivirus and anti-malware software. The anti-virus and anti-malware software did not detect any viruses.

-Solution not succesful.

3. Deleted winsetup.exe from registry using regedit (Start>run>type regedit and press enter>edit>find>type winsetup.exe>after search, delete the found value that contains that file).
After that go in pendrive and delete the virus files (autorun.inf, temp including winsetup.exe).

The file appears again after replug-in the pendrive. -Solution not successful

4. Used Unlocker(can be downloaded from www.filehippo.com) software to unlock the autorun.inf file from windows processes. After that deleted autorun.inf in the pendrive.

The file appears again after replug-in my pendrive -Solution not successful.

All this solutions did not work out maybe because I suspect the virus infected my pc already.

The solution that work out at last:

1. I downloaded Malwarebytes Anti-Malware from www.filehippo.com.
2. Install and update the software.
3. Restarted my computer and entered Safe Mode.
4. Plug in the pendrive.
5. Run Malwarebytes Anti-Malware software and run quick scan.
6. The software detected two trojans in my C drive. (Maybe this infected files is the cause for my pendrive to be infected again and again everytime i plug in.)
7. Removed the infected files through Malwarebytes.
8. Malwarebytes required me to restart the system to delete one of the virus.
9. I deleted the virus files in my pendrive (autorun.inf, winsetup.exe). Note: you can even format your pendrive as an alternative.
10. Restarted the system.
11. Entered windows normally and found no virus files in my pendrive.
12. Replugged-in my pendrive and the virus files does not appear again.

-Solution successful.

I hope those who having this virus problem will find my solution helpful, though I can't guarantee the outcome to you as it worked out for me not tried not other machines.